CVE-2025-63226

The Sencore SMP100 SMP Media Platform (firmware versions V4.2.160, V60.1.4, V60.1.29) is vulnerable to session hijacking due to improper session management on the /UserManagement.html endpoint. Attackers who are on the same network as the victim and have access to the target's logged-in session can access the endpoint and add new users without any authentication. This allows attackers to gain unauthorized access to the system and perform malicious activities.

CVSS v3 5.7 MEDIUM

5.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63226_Sencore_SMP100_Session_Hijacking	Third Party Advisory
https://www.sencore.com/	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:sencore:decoder-ccv2_firmware:60.1.4:*:*:*:*:*:*:*

cpe:2.3:h:sencore:decoder-ccv2:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:sencore:smp100_firmware:4.2.160:*:*:*:*:*:*:*

cpe:2.3:h:sencore:smp100:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:sencore:en2sdi-2hd_firmware:60.1.29:*:*:*:*:*:*:*

cpe:2.3:h:sencore:en2sdi-2hd:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-11-18 20:15

Updated : 2026-02-13 16:13

NVD link : CVE-2025-63226

Mitre link : CVE-2025-63226

CVE.ORG link : CVE-2025-63226

JSON object : View

Products Affected

sencore

decoder-ccv2_firmware
decoder-ccv2
en2sdi-2hd_firmware
smp100_firmware
en2sdi-2hd
smp100

CWE

CWE-613

Insufficient Session Expiration

{"id": "CVE-2025-63226", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}]}, "published": "2025-11-18T20:15:47.583", "references": [{"url": "https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63226_Sencore_SMP100_Session_Hijacking", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.sencore.com/", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "The Sencore SMP100 SMP Media Platform (firmware versions V4.2.160, V60.1.4, V60.1.29) is vulnerable to session hijacking due to improper session management on the /UserManagement.html endpoint. Attackers who are on the same network as the victim and have access to the target's logged-in session can access the endpoint and add new users without any authentication. This allows attackers to gain unauthorized access to the system and perform malicious activities."}], "lastModified": "2026-02-13T16:13:55.730", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sencore:decoder-ccv2_firmware:60.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7445C4B9-D9F3-48A1-A806-079B3857822C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sencore:decoder-ccv2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "63B1BE2C-C908-4C5E-89C3-594B8833988A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sencore:smp100_firmware:4.2.160:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51A0331B-8E5D-4CEB-95B0-CBBCD4650D58"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sencore:smp100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "27BF2E6E-9BCD-43D7-8B5D-182DFA1D42C8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sencore:en2sdi-2hd_firmware:60.1.29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8884DB25-128F-4C5B-A5E5-27CA448B7D1C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sencore:en2sdi-2hd:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EBFCA782-DE2F-4158-AC07-458EF16579E2"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}